Protecting bursty applications against traffic aggressiveness

Aggressive use of networks, in particular the Internet, by either malicious or innocent users threatens the service availability and quality of polite applications. Common queueing mechanisms, which supposedly solve the problem, are shown in this work to be ineffective for bursty applications, including Web applications. Malicious users can exploit this to conduct a new kind of Denial of Service attack. We propose a new traffic control mechanism called Aggressiveness Protective Queuing (APQ), which attributes importance weights to users and solves this problem by dynamically decreasing the weight of aggressive users. The actual weight used for a flow is a dynamically varying parameter reflecting the flow's past bandwidth usage. We show that under heavy load (deterministic model), APQ significantly restricts the amount of traffic an aggressive user can send and bounds it to at most twice the amount of traffic sent by a polite (regular) user. Simulation results demonstrate the effectiveness of APQ in a stochastic environment.


Anat Bremler-Barr, et al. Protecting Bursty Applications Against Traffic Aggressiveness, 2006, 2006 14th IEEE International Workshop on Quality of Service.
